Abstract
After the many Internet-scale worm incidents of recent years, it is clear that a simple self-propagating worm can spread quickly across the Internet, and every worm incident can cause severe damage to our society. It is therefore necessary to build a system that can detect the presence of a worm as quickly as possible. This paper first analyzes the worm's framework and its propagation model. We then describe a new algorithm for detecting worms. The algorithm first monitors the computers on the network and obtains the number of abnormal computers. Then, based on the monitoring result, it detects an unknown worm by using recursive least squares estimation. The experimental results prove that our approach is effective at detecting unknown worms.
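The detection idea in the abstract, sketched as an added example (not code from the paper or its authors): recursive least squares tracks the growth rate of the abnormal-host count and raises an alarm once the estimate settles at a positive value. The growth model `I_t - I_{t-1} = alpha * I_{t-1}`, the forgetting factor, the alarm rule and all sample counts are assumptions constructed for illustration; the abstract specifies none of them.

```python
# Added illustration: scalar recursive least squares (RLS) on counts of abnormal hosts.
# Assumed model (not given in the abstract): I_t - I_{t-1} = alpha * I_{t-1}.

def rls_growth_rate(counts, lam=0.95, p0=1e3):
    """Return the RLS estimate of alpha after each new observation."""
    alpha, p, history = 0.0, p0, []
    for prev, cur in zip(counts, counts[1:]):
        phi, y = float(prev), float(cur - prev)   # regressor and observed increase
        gain = p * phi / (lam + phi * p * phi)     # RLS gain
        alpha += gain * (y - phi * alpha)          # correct by the prediction error
        p = (p - gain * phi * p) / lam             # covariance update with forgetting
        history.append(alpha)
    return history

def first_alarm(history, min_rate=0.05, window=5, tol=0.05):
    """First index where the last `window` estimates are all above min_rate
    and lie within `tol` of each other (a stable positive growth rate)."""
    for i in range(window - 1, len(history)):
        recent = history[i - window + 1:i + 1]
        if min(recent) > min_rate and max(recent) - min(recent) < tol:
            return i
    return None

def constructed_worm_counts(steps=25, start=5.0, rate=0.2):
    """Constructed sample: 20% growth per interval plus a fixed jitter pattern."""
    jitter, counts = [1, -1, 0, 2, -2], [start]
    for t in range(steps):
        counts.append(counts[-1] * (1 + rate) + jitter[t % len(jitter)])
    return counts

# Constructed background: abnormal-host counts fluctuating around 20, no growth.
BACKGROUND = [20, 22, 19, 21, 20, 18, 21, 20, 22, 19] * 3

if __name__ == "__main__":
    worm = rls_growth_rate(constructed_worm_counts())
    quiet = rls_growth_rate(BACKGROUND)
    print("worm: alpha=%.3f alarm at step %s" % (worm[-1], first_alarm(worm)))
    print("background: alpha=%.3f alarm at step %s" % (quiet[-1], first_alarm(quiet)))
```

On the constructed background series the estimate stays near zero, so the stability test never fires; ordinary fluctuation in the abnormal-host count is not mistaken for propagation.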
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bo, C., Fang, B.X., Yun, X.C. (2006). Adaptive Method for Monitoring Network and Early Detection of Internet Worms. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, FY. (eds) Intelligence and Security Informatics. ISI 2006. Lecture Notes in Computer Science, vol 3975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11760146_16
DOI: https://doi.org/10.1007/11760146_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34478-0
Online ISBN: 978-3-540-34479-7
eBook Packages: Computer Science (R0)